writing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect injection as it processes untrusted requirements into executable task plans.
  - Ingestion points: Processes 'spec or requirements' provided by users to generate file-modification and shell-execution steps.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the requirements.
  - Capability inventory: Generates shell commands (e.g., pytest, git) and file-write operations across multiple files.
  - Sanitization: Absent; no escaping or validation is performed on the ingested requirements before they are incorporated into code or commands.
- [Prompt Injection] (MEDIUM): The skill uses directive markers ('REQUIRED SUB-SKILL', 'For Claude:') to override the agent's default reasoning and force the use of specific external execution skills.
- [Command Execution] (MEDIUM): The skill's primary function is to generate and suggest the execution of shell commands, which increases the potential impact of any injected malicious instructions.
Recommendations
- AI detected serious security threats
Audit Metadata